What is new in OpenLM version 1.8

OpenLM 1.8 is out !

The release of this milestone version is a big deal for us here in OpenLM, and we are sure you will feel the same when you start working with it.

Note for OpenLM veterans:

At this stage we recommend not to upgrade OpenLM 1.7 production systems to 1.8, but rather to install it at a sandbox, side by side with the 1.7 production server. This is in order to ensure that full functionality has been maintained in your environment, and to familiarize yourself with the new version.

This document goes over the main features that have been added or enhanced in this version, and the list is quite long:

  • OpenLM Server engine
  • EasyAdmin: Personalization, New reports, Enhanced report windows,
    Moving configuration options to EasyAdmin
  • Support of License management tools
  • Active Directory
  • Named Users support
  • Packages
  • Projects
  • Permissions
  • License Usage
  • License Procurement table
  • License Usage Efficiency report window
  • Licenses not in use report window
  • Recent Feature Denials report window
  • License Servers
  • Session Idle time measurement
  • Database manipulation
  • ArcGIS Borrowed Licenses issue
  • OpenLM Broker
  • OpenLM Agent
  • ArcGIS Set Licensing level tool
  • Installation Process
  • Logs uploader

OpenLM Server engine

The OpenLM server integrates information from various sources in order to create accurate and coherent license usage information. All processing algorithms were reviewed and rewritten as needed in order to improve accuracy and processing speed.

EasyAdmin

The EasyAdmin web application has undergone facelift surgery, is more user friendly, and generally looks nicer. Some graphic presentation windows have been added, and others have been improved in both clarity and robustness.

Personalization:

EasyAdmin windows’ configuration and user settings are now maintained by the OpenLM database, not on the browser’s cache memory (as was in version 1.7). This provides the ability to personalize the EasyAdmin appearance, and get the same user’s view on different computers.

New reports

The new reports are hereby listed. Elaboration on each of these windows is provided below:

  • The License denial widget.
  • Procurement table: Shows licenses’ procurement path, providing detailed expiration information.
  • License usage efficiency report: Histogram per single feature, showing how much of the time have N licenses been used.

Enhanced report windows

Report windows have also been enhanced. It is now possible to:

  • Export chart images or PDF documents and
  • Set report window refresh period


Moving more configuration options to EasyAdmin

Several configuration options were moved from the OpenLM server configuration tool to the EasyAdmin web application, making them accessible from anywhere. One such option is the usage logging according to projects, as depicted below:

Support of License management tools

The addition of license management tools to the expanding portfolio of OpenLM’s supported license managers is an on-going task. Version 1.8 now supports the following concurrent license servers: FlexLM / Flexnet, Sentinel RMS (Aspentech SLM), DSLS, IBM LUM, Sentinel HASP, LM-X (Altair), Reprise RLM, Beta-LM, Mathematica LM (MathLM), and Easycopy. In addition to that, support of some license management tools was enhanced. Here are some of these enhancements:

  • FlexLM: Asset Info information, which is unique per license pool is now monitored. Hence, it is now possible to follow user and group license check out per license pool.
  • FlexLM: Software packages are automatically recognized, and populated by the respective software products. Single features can be associated with different software packages.
  • IBM_LUM license manager monitoring has been added expiration date.
  • IBM_LUM Offline Licenses indications.
  • IBM_LUM HAL (High Availability Licensing) configuration support.
  • DSLS has been fully integrated into the OpenLM 1.8 system.
  • DSLS License borrowing is reported.
  • BetaLM has been introduced in the 1.8 version.
  • BetaLM Cluster configuration is supported.
  • RMS: License versions’ reporting was added.
  • Easycopy LM has been fully integrated into the OpenLM 1.8 system.
  • Matematica (MathLM) has been fully integrated into the OpenLM 1.8 system.

Active Directory

The OpenLM Server is capable of synchronizing users and groups with an organization’s LDAP (Active Directory) to combine license management with other company information. LDAP synchronization provides automatic maintenance of Users’ and Groups’ data.

In version 1.8, Active Directory synchronization has been profoundly improved, to support versatile and complex Active Directory environments. As a bonus, a preview of the impending synchronization scheme is now available. For more information please refer to these documents:

Application Note 2029_a: LDAP (Active Directory) Synchronization. Basic guide v1.8

Application Note 2029_b: LDAP (Active Directory) Synchronization. Comprehensive guide v1.8

Version 1.8 now allows system managers to easily synchronize very complex structures of LDAP. In EasyAdmin the user can now control the execution of the synchronization, exclude groups and users from synchronizing and understand why each synchronized entity was generated.

EasyAdmin incorporates new administrative tools for LDAP synchronization. These provide a better view of the synchronization definitions and the relations between synchronized entities. Group and Users entities are interconnected by hyperlinks, to facilitate the browsing through LDAP synchronized data.

Named licenses support

FlexLM gets its licensing information from the license file, option file and other resources.

The License file contains the asset info information which is unique for every license pool.

The License file also contains asset info associated with groups. OpenLM Version 1.8 can be configured to read Flexnet publisher license files, and hence can report which user takes licenses from which pool.

License Suites and packages

OpenLM 1.8 is capable of integrating more information from FlexLM license files. One of the benefits of that is the capability of arranging licensed features within their respective license packages. The user does no longer need to configure packages’ members manually.

In addition to that, OpenLM 1.8 supports licensing schemes in which single features are associated with two different packages.

Projects

The Project license usage recording capability is available for OpenLM from version 1.6 onwards. In the 1.8 version, some major modifications have been made:

  • The configuration of Project monitoring was shifted from the OpenLM Server configuration tool to the EasyAdmin web application.
  • Administrative capabilities have been added, such as Enabling / Disabling a project, assigning it a priority and expected duration, and marking the project’s completeness percentage.
  • Projects can now be assigned to user groups (not just to individual users).
  • Projects can also be introduced by end-users via the OpenLM Agent module. Please see the ‘Agent’ section below for more information on that.

For more information on monitoring licenses according to projects in OpenLM 1.8 please refer to this document:

Application Note 2030: OpenLM license usage monitoring according to projects – v1.8.

Permissions

New users are automatically associated to the “Everyone” group. After being synchronized (or associated manually) to a different group – the new group becomes the default group.

License Usage

The central “License Usage” window’s graphic presentation was improved, and now employs a cleaner GUI, with a zoom-in option.

License Procurement table

Shows comprehensive license information, as appears in the license file: Licensed packages and their member features, issuing and expiration dates, Asset info etc.

License Efficiency report

A new window that provides a histogram of usage for a single feature, showing how much of the time have N licenses been used. The image below clearly demonstrates ineffective usage of the pool of licenses:

Licenses not in use report

Single out licenses that have not been used for a predefined period of time.

Recent Feature Denials report

A graphic presentation to show a comparative chart of the number of license denials over predefined periods of time: recent and long term.

License Servers

Reported license servers’ information has been enhanced to include:

  • License server timezone
  • Status of the OpenLM broker installed on the license server machine
  • Host availability indication


Session Idle time measurement

Graphical waveform presentation of the Active / Idle ratio for currently and historical sessions.

Database manipulation

Version 1.8 enhances the administrator’s capabilities to manipulate the OpenLM database. It is now possible to

  • Archive or delete old data.
  • Extract irrelevant users and
  • Delete unnecessary groups.

ArcGIS Borrowed Licenses issue

We previously reported an issue pertaining to the upgrade of ArcGIS to the newer FlexLM version. This issue manifested in erroneous reporting of license borrowing. OpenLM 1.8 bypasses this issue and shows the actual borrowing user.

OpenLM Broker

The OpenLM Broker has undergone important changes. These include:

  • Enhanced robustness
  • Enhanced compatibility with a wide array of license managers
  • Ability to read FlexLM license files and Audit logs, in addition to Option files.
  • Implementation of buffers for Broker messages, providing the ability to overcome limited network connectivity failure and continues usage reported even if the OpenLM Server machine crashes for long period of times.

OpenLM Agent

The OpenLM Agent has changed skin and looks much nicer now.

It also integrated the improvements for the following features:

  • Restoring of closed sessions
  • Searching and sorting of the license usage list
  • Selectively hiding or showing specific features
  • ArcGIS licensing level determination (see below).
  • As mentioned above, projects can be introduced by end-users via the OpenLM Agent. Just click the “Create New Project” menu item in the OpenLM Agent interface:

The “Create new Project” window opens. Users can then create new projects and associate their working hours to these projects.

For more information please refer to this document:

Application Note 2030: OpenLM license usage monitoring according to projects – v1.8.

ArcGIS Set Licensing level tool

ESRI implementation is unique in the sense that you can activate the ArcMap software in three different licensing levels:

  • Basic (Previously called viewer or ArcView)
  • Standard (Previously called ‘ArcEditor’)
  • Advanced (Previously called ‘ArcInfo’)

ArcGIS end users can set the licensing level before activating the software. If such a license is available, the software will start. OpenLM has provided this capability since version 1.6 of the software. In version 1.8 we have highly enhanced it:

  • It is now possible to set the licensing level according to available licenses, and
  • The user can choose whether to save the ArcGIS licensing level to the Registry, to do it on a user level, or on a system level (for all users – requires administrative permissions).

Installation Process

The OpenLM installation process has been standardized, and is more coherent on OpenLM version 1.8.

Logs uploader

The Logs uploader has been rewritten, and its robustness has been improved.

Please follow and like us:

Application Note 1029: LDAP (Active Directory) Synchronization

General

The OpenLM Server is capable of synchronizing users and groups with an organization’s LDAP to combine license management, license statistics, and report extraction with other company information. LDAP synchronization provides automatic maintenance of Users’ and Groups’ data.

LDAP Synchronization holds many advantages, for different levels of decision makers in the organization. On an administrative and managerial standpoint, it can be applied for enforcing license usage permissions, implementing usage chargeback (usage billing), analysis of usage trends etc. Administrators may gain in automating FlexLM Option file management, thus streamlining FlexLM reporting. From the end-user point of view, this information may be applied to easily locate other users holding a required license.

The Groups synchronization functionality is part of the Users and Groups extension, and requires additional licensing.

Additional information

Please refer to the video tutorial section on the OpenLM site, for a demonstration of Active Directory synchronization.

Users and groups presentation

The Users and User groups which exist in the OpenLM Database are apparent in the EasyAdmin web application, in the Users and Groups windows respectively. Initially, upon installation of the OpenLM server, the Users and Groups windows are only populated by the logged user (e.g. ‘Orik’ – that’s me), the default ‘generaluser’ user, and the “OpenLM Users” default group.

The Active directory tab – Interfacing the LDAP

This tab is the OpenLM Server’s interface to LDAP (Active directory) synchronization. The 1st thing to do is to connect to the LDAP Database. Type in the LDAP server details:

  • Domain name: the IP Address of the server which is your organization’s domain controller (e.g: 102.101.100.106)

  • Username (e.g: administrator)

  • Password, and

  • LDAP server type: (e.g. “Active Directory”)

Click the ‘Check’ button, and receive an authentication status notification, as depicted below:

 

Organizations may have multiple domain controllers (for example, if different departments or subsidiary companies have their own servers for user authentication). In order to add a second server, select the row where the asterisk is shown above, and type in the data for the second server. In order to apply another synchronization rule to the same LDAP server, click the “Duplicate” button under the list of domain controllers.

Synchronizing Users

It is important to note that synchronizing to the LDAP is a tricky business. You may end up having taken in more users than you intended, and deleting users from the database is difficult. It is highly recommended to experiment on a separate database, NOT on the production database.

In order to synchronize user information:

  • Check the “Synchronize users” check-box. Other fields on the “Active directory” tab are activated.

  • Click the ‘Select’ button. The active directory browser opens.

  • Select a synchronization start node.In this example, We’ve selected an Organizational Unit (OU): OU_Test. Click ‘OK’ and the node path appears in the “Synchronization Start Node” text box. The LDAP would be synchronized from this node down.

 

  • Set the “Sync time interval” value. The value in this example states that the user details would be updated every 12 hours.
  • It is highly recommended to Check the “Sync only active users of licenses” in order to avoid adding users that do not actively use the application. New active users would be added to the list of users as they check out a license, and their LDAP details would be synchronized when the “Sync time interval” elapses.
  • Set the “Sync username attribute”.

    • “sAMAccountName” is good for Pre Windows server 2000 Active directory versions.

    • “userPrincipalName” is good for Post Windows server 2000 Active directory versions.

    • “cn”  should be used for any LDAP configuration other than “Active Directory”, i.e. “Novelle Directory” or “Apache DS” .

      The value of the selected field (sAMAccountName or userPrincipalName or cn) within the Active Directory would be applied as the user name recognized by OpenLM.

Synchronization of Groups

Check the “Synchronize groups” checkbox to enable a variety of options for associating users with groups in the OpenLM database, according to the data structure on the LDAP.

AD Groups:

This option goes through the list of users that populate the nodes beneath the selected node. The “AD Groups” selection should be used carefully, because it may introduce a large amount of undesired groups. This is because users who are members of groups within the selected node may also be members of groups from beyond that node, resulting in additional introduction of these external groups.

Attribute:

OpenLM groups may be created according to specific attributes their members may have. In order to do that, select the “Attribute” radio button, and pick up a suitable attribute from the adjacent drop-down list of attributes. Examples for attributes are: “Division”, “Employee ID”, “Initials” or “Cost center”. Type in a Regex expression that would articulate the required attribute.

Fixed:

This option enables the administrator to associate a particular group name to all users of a specific node within the AD tree. The ‘Fixed’ name typed in the textbox is the group name of the users that would consequently be synchronized in this method.

OUs (organizational units):

This option is in use by organizations that have an organizational hierarchy represented in the LDAP; for example departments nested inside divisions. By selecting the OU synchronization method:

  • Users would be introduced into groups in the OpenLM database. These groups would be named after the LDAP OUs under which the users have been created.

  • If the “Add full hierarchy” checkbox is ticked, the entire OU hierarchy tree descending from the start node would be introduced as groups in the OpenLM database. OUs in which no users have been defined in the LDAP, would be presented in OpenLM as empty groups.

  • If the “Add full hierarchy” checkbox is not ticked, OpenLM would flatly create groups named after the LDAP OUs, and populate these groups by the users which have been defined under these OUs. No empty groups would be created.

Case study

In order to demonstrate the different group synchronization methods, I have created the following OU structure, and enabled all users. Note that Users U_A1 & U_AB2 are members of more than one group:

Case 1: Synchronize users only

Procedure: OU_AB was selected as the start node.

Outcome: All Users were synchronized. No Groups or OUs synchronized.

Case 2: Synchronize AD Groups (1)

Procedure: OU_AB was selected as the start node.

Outcome: All groups and users beneath OU_AB were synchronized. The Hierarchical tree was not preserved.

Case 3: Synchronize AD Groups (2)

Procedure: OU_B was selected as the start node.

Outcome:

  • Users B1 & AB2 have been synchronized.
  • Group B1 was synchronized.
  • Group A1 was synchronized, with only user AB2.

Case 4: Synchronize AD Groups (3)

Procedure: OU_A was selected as the start node.

Outcome: Mirror image of the previous case:

  • Users A1, A2, A3 & AB2 were synchronized.
  • Groups  A1, A2, A3 & B1 were synchronized. Group B1 only contains user AB2.

Case 5: Fixed

Procedure: Start node = OU_A. The “Fixed” name was named “The_A_Team”.

Outcome: All of OU_A’s users were gathered in “The_A_Team” group.

Case 6: Attribute

Reminder: Users A1 & B1 are the only users to have been defined owning “division” attributes with the value “my_division” (See LDAP diagram).

Procedure: OU_AB was selected as the start node. The “Attribute” synchronization method was chosen. The ‘division’ attribute with the value “my_division” was configured in the Active directory configuration form.

Outcome: All Users in OU_AB were synchronized. Users A1 & B1 were gathered in the “my_division” group.

Case 7: OU

Procedure: OU_AB was selected as the start node. “Add Full Hierarchy” was not checked.

Reminder: Users  AB1 & B1 were created under the OU_AB Operational Unit. All other users, i.e. A1, A2, A3, AB2 were created under OU_A.

Outcome: All users under OU_AB were synchronized. OpenLM has flatly created groups named OU_AB, and OU_A. Each of these two groups contain the users which have been created under the respective LDAP’s OUs:

  • Group “OU_AB” contains the users AB1 & B1 (see image below).
  • Group “OU_A” contains all other users, i.e. A1, A2, A3, AB2.

Case 8: OU (2)

Procedure: OU_AB was selected as the start node. “Add Full Hierarchy” was checked.

Outcome: This time the OU hierarchy was preserved, so OU_A and OU_B appear under OU_AB. The users are again grouped according to the position in which they were created:

  • Group “OU_AB” contains the users AB1 & B1.
  • Group “OU_A” contains all other users, i.e. A1, A2, A3, AB2 (see image below).
  • Group “OU_B” is empty.

Please follow and like us: